<?php
/**
 * Project: 
 * Contenido Content Management System
 * 
 * Description: 
 * Contenido Rights
 * 
 * Requirements: 
 * @con_php_req 5.0
 * 
 *
 * @package    Contenido Backend includes
 * @version    1.0.1
 * @author     unknown
 * @copyright  four for business AG <www.4fb.de>
 * @license    http://www.contenido.org/license/LIZENZ.txt
 * @link       http://www.4fb.de
 * @link       http://www.contenido.org
 * @since      file available since contenido release <= 4.6
 * 
 * {@internal 
 *   created  unknown
 *   modified 2008-06-27, Dominik Ziegler, add security fix
 *   modified 2008-07-03, Timo Trautmann, moved inline html to template
 *   modified 2010-05-20, Murat Purc, removed request check during processing ticket [#CON-307]
 *
 *   $Id: rights_con.inc.php 3 2014-09-24 16:38:44Z R.Mansveld@Spider-IT.de $:
 * }}
 * 
 */

if (!defined('CON_FRAMEWORK')) {
	die('Illegal call');
}


//notice $oTpl is filled and generated in file rights.inc.php this file renders $oTpl to browser
include_once($cfg['path']['contenido'].'includes/rights.inc.php');

//set the areas which are in use for selecting these
$possible_area = "'".implode("','", $area_tree[$perm->showareas("con")])."'";
$sql = 'SELECT r.idarea, r.idaction, r.idcat, a.name, A.name AS action
        FROM ' . $cfg['tab']['rights'] . ' AS r INNER JOIN ' . $cfg['tab']['area'] . ' AS a ON r.idarea = a.idarea INNER JOIN ' . $cfg['tab']['actions'] . ' AS A ON r.idaction = A.idaction AND r.idarea = A.idarea
        WHERE ((r.user_id="' . Contenido_Security::escapeDB($userid, $db) . '")
           AND (r.idclient=' . Contenido_Security::toInteger($rights_client) . ')
           AND (r.type=0)
           AND (r.idlang=' . Contenido_Security::toInteger($rights_lang) . ')
           AND (a.idarea IN (' . $possible_area . '))' . ((count($aViewRights)) ? '
           AND (A.name ' . (($_POST['filter_rights'] == 'other') ? 'NOT ' : '') . 'IN ("' . implode('","', $aViewRights) . '"))' : '') . '
           AND (idcat!=0))';
$db->query($sql);
#echo '<pre>' . str_replace('    ', '', $sql) . "\n" . $db->num_rows() . '</pre>';

$rights_list_old = array ();
while ($db->next_record()) { //set a new rights list for this user
    $rights_list_old[$db->f('name') . '|' . $db->f('action') . '|' . $db->f('idcat')] = 'x';
}
#echo '<pre>'; var_dump($rights_list_old); echo '</pre>';
#echo '<pre>'; var_dump($aViewRights); echo '</pre>';

if (($perm->have_perm_area_action($area, $action)) && ($action == "user_edit")) {
    saverights();
} elseif (!$perm->have_perm_area_action($area, $action)) {
    $notification->displayNotification("error", i18n("Permission denied"));
}

$sJsBefore = '';
$sJsAfter = '';
$sJsExternal = '';
$sTable = '';

        $sJsExternal .= '<script type="text/javascript" src="scripts/addImageTags.js"></script>'."\n";
        $sJsExternal .= '<script type="text/javascript" src="scripts/expandCollapse.js"></script>';
        // declare new javascript variables;
        $sJsBefore .="
              var itemids=new Array();
              var actareaids=new Array();\n";
        
        $colspan=0;
        
		$table = new Table($cfg["color"]["table_border"], "solid", 0, 2, $cfg["color"]["table_header"], $cfg["color"]["table_light"], $cfg["color"]["table_dark"], 0, 0);

        $sTable .= $table->start_table();
        $sTable .= $table->header_row();
        $sTable .= $table->header_cell(i18n("Category"),"left");
		$sTable .= $table->header_cell("&nbsp;","left");
		
        $sCheckboxesRow = '';
        $possible_areas=array();
		$aSecondHeaderRow=array();
        // look for possible actions   in mainarea []   in str and con
        foreach($right_list["con"] as $value2)
        {
               //if there are some actions
               if(is_array($value2["action"]))
                 foreach($value2["action"] as $key3 => $value3)
                 {       
                    if ((in_array($value3, $aViewRights) && !$bExclusive) || 
                        (!in_array($value3, $aViewRights) && $bExclusive) ||
                        (count($aViewRights) == 0)) {
                        //set the areas that are in use
                         $possible_areas[$value2["perm"]]="";
                       

                         $colspan++;
                         //set  the possible areas and actions for this areas

                         //checkbox for the whole action
						 $sTable .= $table->header_cell($lngAct[$value2["perm"]][$value3]);
                         $sJsBefore .= "actareaids[\"$value3|".$value2["perm"]."\"]=\"x\"\n";

						 array_push($aSecondHeaderRow, "<input type=\"checkbox\" name=\"checkall_".$value2["perm"]."_$value3\" value=\"\" onClick=\"setRightsFor('".$value2["perm"]."','$value3','')\">");
					}

                 }
        }

        //checkbox for all rights
		$sTable .= $table->header_cell(i18n("Check all"));
        array_push($aSecondHeaderRow, "<input type=\"checkbox\" name=\"checkall\" value=\"\" onClick=\"setRightsForAll()\">");
        $sTable .= $table->end_row();
        $colspan++;
        
        $sTable .= $table->header_row();
        $sTable .= $table->header_cell('&nbsp',"center", '', '', 0);
        $sTable .= $table->header_cell('&nbsp',"center", '', '', 0);
        
        foreach ($aSecondHeaderRow as $value) {
            $sTable .= $table->header_cell($value,"center", '', '', 0);
        }
        $sTable .= $table->end_row();

        $sql = "SELECT A.idcat, level, name,parentid FROM ".$cfg["tab"]["cat_tree"]." AS A, ".$cfg["tab"]["cat"]." AS B, ".$cfg["tab"]["cat_lang"]." AS C WHERE A.idcat=B.idcat AND B.idcat=C.idcat AND C.idlang='$rights_lang' AND B.idclient='$rights_client' ORDER BY idtree";

        $db->query($sql);
        $counter=array();
        $parentid="leer";
		
        $aRowname = array();
        $iLevel = 0;

        while ($db->next_record()) {
        		$iCurrentIdCat = $db->f('idcat');
        		
                if ($db->f("level") == 0 && $db->f("preid") != 0) {
                    $sTable .= $table->row();
					$sTable .= $table->sumcell("&nbsp;","right");
					$sTable .= $table->end_row();
                }else {
                        if ($db->f("level") < $iLevel) {
                            $iDistance = $iLevel-$db->f("level");

                            for ($i = 0; $i < $iDistance; $i++) {
                                array_pop($aRowname);
                            }
                            $iLevel = $db->f("level");
                        }
                        
                        if ($db->f("level") >= $iLevel) {
                            if ($db->f("level") == $iLevel) {
                                array_pop($aRowname);
                            } else {
                                $iLevel = $db->f("level");
                            }
                            array_push($aRowname, $db->f("idcat"));
                        }
                
                        //find out parentid for inheritance
                        //if parentid is the same increase the counter
                        if($parentid==$db->f("parentid")){

                           $counter[$parentid]++;
                        }else{
                           $parentid=$db->f("parentid");
                           // if these parentid is in use increase the counter
                           if(isset($counter[$parentid])){
                                 $counter[$parentid]++;
                           }else{
                                 $counter[$parentid]=0;
                           }


                        }

                        $spaces = '<img src="images/spacer.gif" height="1" width="'.($db->f("level")*15).'"><a><img src="images/spacer.gif" width="7" id="'.implode('_', $aRowname).'_img"></a>';
                        
						$sTable .= $table->row("id=\"".implode('_', $aRowname)."\"");
                        $sTable .= $table->cell($spaces.$db->f("name"),"", "", " class=\"td_rights0\"", false);
                        $sTable .= $table->cell("<a href=\"javascript:rightsInheritanceUp('$parentid','$counter[$parentid]')\" class=\"action\"><img border=\"0\" src=\"images/pfeil_links.gif\"></a><img src=\"images/spacer.gif\" width=\"3\"><a href=\"javascript:rightsInheritanceDown('".$db->f("idcat")."')\" class=\"action\"><img border=\"0\" src=\"images/pfeil_runter.gif\"></a>","", "", " class=\"td_rights1\"", false);

						$sJsAfter.="itemids[\"".$db->f("idcat")."\"]=\"x\";\n";

                        // look for possible actions in mainarea[]

                        foreach($right_list["con"] as $value2){

                                //if there area some
                                if(is_array($value2["action"]))
                                  foreach($value2["action"] as $key3 => $value3)
                                  {
                                        if ((in_array($value3, $aViewRights) && !$bExclusive) || 
                                            (!in_array($value3, $aViewRights) && $bExclusive) ||
                                            (count($aViewRights) == 0)) {
                                           //does the user have the right
                                           if(isset($rights_list_old[$value2["perm"]."|$value3|".$iCurrentIdCat]))
                                               $checked="checked=\"checked\"";
                                           else
                                               $checked="";

                                           //set the checkbox    the name consits of      areaid+actionid+itemid        the    id  =  parebntid+couter for these parentid+areaid+actionid
                                           $sTable .= $table->cell("<input type=\"checkbox\" id=\"str_".$parentid."_".$counter[$parentid]."_".$value2["perm"]."_$value3\" name=\"rights_list[".$value2["perm"]."|$value3|".$db->f("idcat")."]\" value=\"x\" $checked>","", "", " class=\"td_rights2\"", false);
                                    }
                                  }
                        }

                         //checkbox for checking all actions fore this itemid
						 $sTable .= $table->cell("<input type=\"checkbox\" name=\"checkall_".$value2["perm"]."_".$value3."_".$db->f("idcat")."\" value=\"\" onClick=\"setRightsFor('".$value2["perm"]."','$value3','".$db->f("idcat")."')\">","", "", " class=\"td_rights3\"", false);
						 $sTable .= $table->end_row();
				}
}

$sTable .= $table->end_row();
$sTable .= $table->row();
$sTable .= $table->sumcell("<a href=javascript:submitrightsform('','area')><img src=\"".$cfg['path']['images']."but_cancel.gif\" border=0></a><img src=\"images/spacer.gif\" width=\"20\"> <a href=javascript:submitrightsform('user_edit','')><img src=\"".$cfg['path']['images']."but_ok.gif\" border=0></a>","right");
$sTable .= $table->end_row();
$sTable .= $table->end_table();

$sJsAfter .= "
    aTranslations = new Object();
    aTranslations['pfeil_links.gif'] = '".i18n("Apply rights for this category to all categories on the same level or above")."';
    aTranslations['pfeil_runter.gif'] = '".i18n("Apply rights for this category to all categories below the current category")."';
    setImageTags(aTranslations);
        
    init('".i18n("Open category")."', '".i18n("Close category")."');\n";

$oTpl->set('s', 'JS_SCRIPT_BEFORE', $sJsBefore);
$oTpl->set('s', 'JS_SCRIPT_AFTER', $sJsAfter);
$oTpl->set('s', 'RIGHTS_CONTENT', $sTable);
$oTpl->set('s', 'EXTERNAL_SCRIPTS', $sJsExternal);
$oTpl->generate('templates/standard/'.$cfg['templates']['rights_inc']);
?>
